Description
The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific conditions, this flaw may result in unintended command execution.<br>An unauthenticated attacker with network access to the affected interface may cause memory corruption, service instability, or information disclosure. Successful exploitation may allow remote code execution or denial-of-service.
CVSS Metrics
- Vector
- CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Attack Vector
- adjacent
- Complexity
- high
- Privileges
- none
- User Action
- none
- Confidentiality
- undefined
- Integrity
- undefined
- Availability
- undefined
- Weaknesses
- CWE-20CWE-787
Metadata
- Primary Vendor
- TP-LINK
- Published
- 3/13/2026
- Last Modified
- 4/2/2026
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
tp-link : omada_sg2005p-pd_firmwaretp-link : omada_sg2008_firmwaretp-link : omada_sg2008_firmwaretp-link : omada_sg2008p_firmwaretp-link : omada_sg2008p_firmwaretp-link : omada_sg2016p_firmwaretp-link : omada_sg2016p_firmwaretp-link : omada_sg2210mp_firmwaretp-link : omada_sg2210mp_firmwaretp-link : omada_sg2210mp_firmwaretp-link : omada_sg2210p_firmwaretp-link : omada_sg2210p_firmwaretp-link : omada_sg2210xmp-m2_firmwaretp-link : omada_sg2218_firmwaretp-link : omada_sg2218_firmwaretp-link : omada_sg2218p_firmwaretp-link : omada_sg2218p_firmwaretp-link : omada_sg2218p_firmwaretp-link : omada_sg2428lp_firmwaretp-link : omada_sg2428p_firmwaretp-link : omada_sg2428p_firmwaretp-link : omada_sg2452lp_firmwaretp-link : omada_sg3210_firmwaretp-link : omada_sg3210_firmwaretp-link : omada_sg3210xhp-m2_firmwaretp-link : omada_sg3210x-m2_firmwaretp-link : omada_sg3218xp-m2_firmwaretp-link : omada_sg3428_firmwaretp-link : omada_sg3428_firmwaretp-link : omada_sg3428mp_firmwaretp-link : omada_sg3428mp_firmwaretp-link : omada_sg3428x_firmwaretp-link : omada_sg3428x_firmwaretp-link : omada_sg3428xf_firmwaretp-link : omada_sg3428xf_firmwaretp-link : omada_sg3428x-m2_firmwaretp-link : omada_sg3428xmp_firmwaretp-link : omada_sg3428xmp_firmwaretp-link : omada_sg3428xmpp_firmwaretp-link : omada_sg3428xmpp_firmwaretp-link : omada_sg3428xpp-m2_firmwaretp-link : omada_sg3452_firmwaretp-link : omada_sg3452_firmwaretp-link : omada_sg3452p_firmwaretp-link : omada_sg3452p_firmwaretp-link : omada_sg3452x_firmwaretp-link : omada_sg3452x_firmwaretp-link : omada_sg3452xmpp_firmwaretp-link : omada_sg3452xp_firmwaretp-link : omada_sg3452xp_firmwaretp-link : omada_sl2428p_firmwaretp-link : omada_sx3008f_firmwaretp-link : omada_sx3016f_firmwaretp-link : omada_sx3016f_firmwaretp-link : omada_sx3032f_firmwaretp-link : omada_sx3206hpp_firmwaretp-link : omada_sx3832_firmwaretp-link : omada_sx3832mpp_firmwaretp-link : omada_tl-sg2428p_firmwaretp-link : omada_tl-sg3428mp_firmwaretp-link : omada_tl-sg3452p_firmware
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.